<?php
	if(isset($_POST['uname']) && isset($_POST['pass'])){
		include('config.php');
		
		$uname = addslashes($_POST['uname']);
		$pass = addslashes($_POST['pass']);
		
		$query = 'SELECT U.password, U.user_id FROM USERS U WHERE username = \'' . $uname . '\' AND password = \'' . md5($pass) . '\'
			AND active=1';

		$results = mysql_query($query);
		
		if(mysql_num_rows($results) == 1){
			$row = mysql_fetch_array($results);
			
			setcookie('session_id', md5($pass), time()+3600*24*30);
			setcookie('user_id', $row['user_id'], time()+3600*24*30);
			
			header('Location: index.php');
		}else{
			echo '<html>
					<body onload="fail()">
						<script type="text/javascript">
							function fail(){
								alert("Login Failed!");
							}
						</script>
					</body>
				</html>';
		}
	}else{
		setcookie('session_id', '', time()-3600);
		setcookie('user_id', '', time()-3600);
		
		header('Location: index.php');
	}
	
	mysql_close($mysql_handle);
?>